Menu

For Science and Technology

What is the Stagefright vulnerability?

The Stagefright vulnerability refers to a critical vulnerability that was discovered last week in the Stagefright library, an open source media player used by 95% of Android devices. The vulnerability is particularly troublesome because it can be delivered via MMS, which is automatically downloaded to the Android device by default, giving a potential attacker the ability to remotely control and steal data from the device. Currently there is no evidence that these exploits are being used in the wild. The Stagefright vulnerability affects any Android device running Froyo 2.2 to Lollipop 5.1.1 and has been documented with the following reference numbers: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829.

Will Stagefright Detector fix the Stagefright vulnerability?

Stagefright Detector is designed to keep you informed about the status of your device.
Stagefright Detector will not fix the vulnerability, because the vulnerability can only be fixed once a patch is released by Google, your carrier or your device manufacturer, which typically is delivered through a System Update. To check if a patch is available for most Android devices, go to Settings and click System Updates.